OWASP WebScarab Technical Specifications

See Key Below

Technical Specification

Component Name: Spider (Metis)
Specification Author: Mark Curphey
Developer / Component Owner: Sacha Faust
Approved By:

Feature Name: Full HTTP 1.0 and 1.1 Support
Priority: 1
Description
  • Should be able to handle GET, HEAD, OPTIONS and POST methods
  • Should be able to respond to all HTTP server response codes
  • Should be able to deal with virtual hosts (HTTP 1.1)
  • Should capture all HTTP headers and entity bodies
  • Should be able to handle (and record) cookies
 
 
Feature Name: SSL and TLS Support
Priority: 1
Description
  • Should be able to spider SSL sites
  • Parse SSL headers
  • Parse X.509 Certificates
 
 
Feature Name: Parse HTML / XML
Priority: 1
Description
  • Identify and follow URLs
  • Intelligently handle forms, specifically allowing user interaction via GUI
 
 
Feature Name: Parse Cascading Style Sheets
Priority: 1
Description
  • Identify and follow URLs
 
 
Feature Name: Parse JavaScript
Priority: 2
Description
  • Identify and follow URLs
  • Intelligently handle forms, specifically allowing user interaction via GUI
 
 
Feature Name: Parse Flash
Priority: 3
Description
  • Identify and follow URLs
  • Intelligently handle forms, specifically allowing user interaction via GUI
 
 
Feature Name: Parse VBScript
Priority: 3
Description
  • Identify and follow URLs
  • Intelligently handle forms, specifically allowing user interaction via GUI
 
 
Feature Name: HTTP Basic Authentication
Priority: 1
Description
  • Should be able to read a list of arrays of usernames and passwords entered by the user and provide them for HTTP basic authentication where needed
 
 
Feature Name: HTTP Digest Authentication
Priority: 1
Description
  • Should be able to read a list of arrays of usernames and passwords entered by the user and provide them for HTTP digest authentication where needed
 
 
Feature Name: NTLM Authentication
Priority: 2
Description
  • Should be able to read a list of arrays of usernames and passwords entered by the user and provide them for HTTP NTLM authentication where needed
 
 
Feature Name: Customized HTTP 404 Pages
Priority: 1
Description
  • Should allow users to specify custom HTTP 404 (and similar) response codes by specifying text in the HTML and / or alternative HTTP codes
  • Treat all custom 404s as true 404s
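
One way to implement the custom 404 handling described above, as an added example (not WebScarab's own code). The `NotFoundRules` structure, the function names and the sample responses are assumptions constructed for illustration.

```python
import html
import re
from dataclasses import dataclass, field


@dataclass
class NotFoundRules:
    """User-entered settings (hypothetical structure, names are assumptions)."""
    body_markers: list = field(default_factory=list)    # text seen on custom error pages
    alt_status_codes: set = field(default_factory=set)  # codes the site sends instead of 404


def visible_text(body: str) -> str:
    """Reduce HTML to case-folded, whitespace-collapsed visible text."""
    body = re.sub(r"(?is)<(script|style)\b.*?</\1\s*>", " ", body)
    body = re.sub(r"(?s)<[^>]*>", " ", body)
    return " ".join(html.unescape(body).split()).casefold()


def effective_status(status: int, body: str, rules: NotFoundRules) -> int:
    """Return 404 for real and custom 'not found' responses, else the original code."""
    if status == 404 or status in rules.alt_status_codes:
        return 404
    text = visible_text(body)
    # Normalise markers the same way as the body; drop empty ones so they cannot match everything.
    markers = [m for m in map(visible_text, rules.body_markers) if m]
    if any(marker in text for marker in markers):
        return 404
    return status


# Constructed sample configuration and responses (path, status, body).
RULES = NotFoundRules(body_markers=["Sorry, that page could not be found"],
                      alt_status_codes={410})
SAMPLES = [
    ("/index.html", 200, "<html><body><h1>Welcome</h1><a href='/a'>a</a></body></html>"),
    ("/missing", 200, "<html><h1>Sorry,&nbsp;that page\n could <b>not</b> be found</h1></html>"),
    ("/old", 410, ""),
    ("/gone", 404, "<html>Not Found</html>"),
    ("/login", 401, "<html>Authorization required</html>"),
]


def classify(samples, rules):
    """Map each path to the status the spider should record for it."""
    return {path: effective_status(status, body, rules) for path, status, body in samples}


if __name__ == "__main__":
    for path, status in classify(SAMPLES, RULES).items():
        print(path, status)
```

Normalising the body before matching lets a marker hit even when the site wraps parts of the message in tags or entities, as in the `/missing` sample.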
 
 
Feature Name: Customizable HTTP User Agent Header
Priority: 2
Description
  • Should allow users to specify HTTP User Agent headers to mimic specific browsers.
  • Strings should be selectable from a predefined list and customizable.
 
 

Index Guide

Priority 1: A feature that is

  • considered absolutely necessary for the tool's first release
  • needed for core functionality
  • needed to support other components

Priority 2: A feature that is

  • considered desirable but not absolutely needed
  • not required by any other components

Priority 3: A feature that is

  • nice to have if possible
  • not required by any other components